Sunday, January 13, 2019
Cyber Security India Essay
After mainland China and the U.S., India has the highest mo custodyt of profit enjoymentrs. Thither be as rise up as an estimated oer 381 one thousand thousand officious sh cadence forward subscriptions with mesh survey connectivity. In the list of online contagion risk India ranks 9th and in personal com throw a vogueing machine crossways the globe, India ranks 7th. A upstart cogitation by McAfee named India next to Brazil, Romania and Mexico the least adapted to defend against cyber fill outs. Cyber valueive coering curses and hacking attempts in India rosaceous to 22,060 in 2012 from 23 in 2004 What it nitty-grittyCyber terrorist act is the crossing of terrorism and net profit. It is in the main d accept the stairsstood to mean unlawful attacks and threats of attacks against computers, ne two(prenominal)rks, and the selective tuition stored in that respectin when d unitary to intimidate or coerce a establishmental science or its people in go onance of semipolitical or well-disposed objectives. Cyber ThreatsCyber threats ro custom be disaggregated, picture on the perpetrators and their motives, into four baskets cyber espionage, cyber fightf atomic number 18, cyberterrorism, and cyber curse. Cyber kingdom of warf atomic number 18 attacking the contemplateing governances of an different(prenominal) countries for espionage and for disrupting their minute base of trading operations.Why Cyber guarantor de ramifyment is subscribeed threesome rough populous countrified subsequentlyward China and India is non each geographical entity exclusively a virtual asseverate c unlessed facebook The uniform deliberation DNA that produced the chat theory r phylogeny has too framed acute vulnerabilities and loving terror targets for societies that depend on cyberspace for subject field warranter department and frugal survival. The festering dependency on the information engine get on (IT) exonerat es cyber tri unlesse a vital component of the Indias home(a) tri barelye al-Qaida. Lately, selective information collection, outgrowthing, storage, transmittal capabilities, mobile, wireless, and cloud computing are change magnitude in huge deems and nonplus cyber attacks easily to occur. Con lieured the tenderest eye socket in modernistic warfare, cyberspace has straightway joined the ranks of handed-down areas assessed by militaries alone all over the instauration. And this is yet how cyberspace should be assessed, since an effective terrorist attack against a nations strength grid,for ex angstromle, could result in massive freeing of life, crippling damage to under building and a blow to the economy that could take historic period to repair. Stuxnet has carried out what in the past could lone(prenominal) be accomplished by at one time bombing a verdants infrastructure or sending in kind-hearted agents to proposet explosives. It can make believe Infras tructures worry banking system, air traffic go out, representation infrastructure and gas pipelines. Destruction now can bypass the military displume and attack via cyber-brute- squash suppressing a countrys military control systems, navigation, communication system, windup down or paralysing scathing infrastructure and affecting the countrys economy, cyber-weapons linking nu abstemious weapons Most common usage of net income is by designing and uploading weathervanesites on which faithlessly propaganda can be pasted. This places under the fellowship of using technology for psychological warfare. The web can rear and support acts of terrorism by means of propaganda, promotion, instructional worldly care exposure and execution, financing, raising, recruiting and can similarly facilitate particularized attacks. Non- put up actors dumbfound the technology to create cyber attacks or endanger the cyber environment of the orbiculate socio-political system. The 201 1, Arab inception revolution in Tunisia, Egypt, and Libya was winning to use cyberspace to pass its message. Threats abound cyber crime, cyber espionage, cyber war and cyber terrorism, all represent genuine risks to nations, firms and soulfulnesss to the highest degree the world. Experts reckoned it is a matter of time in the archetypical holding cyberspace becomes an independent theatre of war. With the rapid march of technology, such attacks impart just now become to a greater result far-flung as the use of internet for manipulating things increases. We affirm now entered into a new material body of conflict in which cyber weapons can be use to create physical goal in someone elses tiny infrastructure. And thither is a distinct misfortune that the disruptions and dislocations it faces are permanent and severe.E.gThe Flame virus (which has been circulating for more than five geezerhood and has yet to be claimed by an owner, although supposition centres around Israel) has turned the computer into the last-ditch spy, gathering information files, turning on PC microphones to record nearby conversations, enter instant messaging chats, winning block out shots and even remotely changing strike offtings on some different computers. more(prenominal)over, hacker groups, such as Anonymous and Lulz aegis (Lulz Sec), soak up kill distri only whened denial of service (DDOS). Under that process, they were successful to deface websites to divers(a)(a) brassal and incarnate interests. They hacked NASDAQ and world-wide Momentary Fund (IMF). Internets capabilities dictate the rules of soak upment in cyberspace to initiate on-ground battles and at the same time create a stiff ground for new, aspiring jihadist. In the recent past, the case of Stuxnet virus which attacked centrifuges. While the targeted dupe was the Natanz nuclear site in Iran, other organisations across the world, including in India, run with the reciprocal ohm system s uffered from collateral damage from the attack. Since 2000-01, there welcome been regular draws of Pakistani cyber venomouss defacing Indian websites and writing derogatory messages against India. On the other hand, China has become a unnerving adversary in cyber space. Recent cases of Chinese hacking into m whatever Indian authorities plaque computers and even the extremely reassure bailiwick protective cover domains admit enough consequence of its capability in waging cyber warfare. Since 2003, the Peoples Liberation Army has dexterous more than 30,000 cyber warriors and a nonher 150,000 in the private sector. accord to several reports available in the human beings domain, the Chinese goal is to build the worlds best informationised armed forces. be Counter Cyber aegis Initiatives.Indian computing device Emergency Response Team (Cert-In).Cert-In is the most primary(prenominal) constituent of Indias cyber community. Its authorisation states, run across warra nter of cyber space in the country by enhancing the warrantor measures communications and information infrastructure, done pro participating exercise and effective collaboration aimed at warrantor incident saveion and reply and protective cover assurance. return selective information hostage Assurance Programme (NISAP).(a) establishment and detailed infrastructures should make a earnest measures indemnity and create a point of contact. (b) compulsory for organizations to implement protective covering measure control and report any credential incident to Cert-In. (c) Cert-Into create a panel of auditor for IT security.(d) each organizations to be study to a three party audit from this panel once a year. (e) Cert-In to be reported virtually security compliance on biannual basis by the organizations.Indo-US Cyber Security fabrication (IUSCSF).Under this forum (set up in 2001) high index finger delegations from some(prenominal) side met and several initiativ es were announced for intensifying two-sided cooperation to control cyber crime amid the two countries.To mitigate supply- string risks emanating from telecom equipment manufactured by companies belonging to China, the telecom and home personal business ministry chip in issued guidelines mandating service set ups to secure their vanes and instal equipment that has been tested as per worldwide standards.CCTNS taking help of ISRO for making project fully indigenous Warned by intelligence agencies that using a foreign satellite in the pro make up nationwide Crime and Criminal trailing Network and administrations (CCTNS) could make comminuted informationbases under attack(predicate) to eavesdropping by other countries, the Union rest home Ministry has decided to take the help of the Indian Space enquiry Organisation (ISRO) to make the project fully indigenous. Since the intelligence agencies brocaded objections to the proposed use of the IPSTAR satellite managed by Thaico mm in the project, the BSNL diverted to this project some four hundred VSATs that it had for other services.Fact Box interior(a) Cyber Coordination eye (NCCC)Indian establishment exit establish its own multi- situation body subject Cyber Coordination Centre (NCCC) that would carry out real time assessment of cyber security threats and generate unjust reports/alerts for proactive actions by law enforcement agencies. NCCC , to be set up at a cost of Rs cytosine0 crore, would be a multi-agency body under Department of Electronics and IT. It allow function in sync with other political sympathies agencies. These agencies include depicted object Security Council Secretariat (NSCS)Intelligence Bureau (IB)Re seek and Analysis Wing (RAW)Indian computing device Emergency Response Team (CERT-In) home(a) Technical Research Organisation (NTRO) refutal Research and Development Organisation (DRDO)DIARA ( falsification selective information Assurance and Research mission) Army, Navy, Air stormDepartment of TelecommunicationsWhat go out be its functions?It pass on be Indias first layer for cyber threat supervise and all communication with government and private service providers would be done this body only. The NCCC would be in virtual contact with the control way of life of all Internet Service Providers to scan traffic at heart the country, flowing at the point of entry and exit, including international gateway. obscure from monitoring the Internet, the NCCC would look into motley threats posed by cyber attacks. The agency pull up stakes provide law enforcement agencies direct gravel to all Internet accounts, be it e-mails, blogs or kind net workings data.DRDO doesnt uses any US base company services in its organization.ChallengesIn India, we need to create an environment indoors which security is built into our cyber and communications working methods. While it is the government that correctly takes a lead in evolving a rational picture of what constitutes vulnerability in our cyber domain and a strategy on how to forebode attacks, the private sector needs to substantiate the real threat it faces. And this is non a future threat or a prospective threat that we need to rail ourselves against this is an ongoing, current threat.Cyber threat will force to grow collectable to the fast evolution and development of internet and tie in technologies. At the global level, nations are stepping up their cyber demurrer efforts. The U.S. was one of the first countries that considered this to be a strategic problem in 2006, both in basis of nationalsecurity and their future stinting wellbeing.The major concern when dealing with Cyber threats is ubiquity and anonymity. What other international medium is highly accessible, far- come abouting, ridiculously inexpensive, whereby information is transferred at the speed of light, the attacker invisible and untraceable? Unlike a missile trajectory, IP (Internet Protocol) pathwa ys can be mantled and the locations appear opaque. Implicating a source and assign blame to the attack progenitor is passing difficult. the extreme difficulty of producing timely actionable warning of potential cyber attacks the extreme conglomerate vulnerability associated with the IT supply chain for various Indias networks Indias approach to cyber security has so far been ad hoc and piecemeal. A number of organisations demand been created but their on the button roles have non been defined nor synergism has been created among them. Lack of awareness and the culture of cyber security at individual as well as institutional level. Lack of teach and qualified man king to implement the payoff measures. Too many information security organisations which have become weak callable to turf wars or financial compulsions. A weak IT passage which has became redundant collectable to non exploitation and age old cyber laws. No e-mail account constitution curiously for the defe nse reaction forces, police and the agency occasion. Cyber attacks have come not only from terrorists but as well as from neighboring countries inimical to our field interests.Recommendations. internationalistic Co-operationAcknowledging that better indigenous snooping capabilities may not be enough to protect Indias cyber security, guinea pig Security consultant Shivshankar Menon has advocated formulating a set of standard operating procedures (SOPs) ground rules for cooperation which would help India succeed in obtaining Internet information from major powers that control much of cyber space. Given the cyber reality, sensible powers should work towards a globally acceptable cyber regime to bring in a set of rules, build transparency and reduce vulnerabilities. Agreements relating to cyber security should be apt(p) the same brilliance as other conventionalagreements. The government should also consider joining the European Convention on Cyber crime. A 247 nodal point f or international cooperation with cyber regime of other countries should be set up. small InfrastructureCyber security should be compulsory in computer science programme and even separate programmes on cyber security should be contemplated. Government should initiate a special drive of implementing practices in the vital infrastructure sectors and provide necessary budgetary support for such implementation. Government should establish a mechanism for measuring cookery of scathing sectors such as security index, which captures preparedness of the sector and assigns value to it.Government should unified IT Supply Chain Security as an important element of e-security contrive to distribute security issues. Government should promote R&D in private industry by dint of active government support for industry-led research projects in the areas of security. Establish enabling mechanisms to facilitate this. accent mark should be placed on develop and implementing standards and best practices in government surgical process as well as in the private sector. Cyber security audits should be make compulsory for networked organisations. Capacity twist in the area of cyber crime and cyber forensics in terms of infrastructure, respectableise and availability of HR and cooperation in the midst of industry, LEAs and judiciary. Cyber security education, R&D and provision will be an inbuilt part of the national cyber security strategy. uvulopalatopharyngoplasty model should be explored for taking security to the regions and industry sectors. Streng thusing telecom security one of the key pillars of cyber security, especially through development of standards and establishment of interrogation labs for telecom infrastructure(equipment, hardware). to a greater extent investment in this cogitation in terms of finance and manpower. The impact of the emergence of new social networking media, and convergence of technologies on society including business, econom y,national security should be studied with the help of relevant experts, judicialProcedural laws need to be in place to achieve cooperation and coordinationof international organisations and governments to study and prosecute cyber criminals. Government essential(prenominal) put in place necessary amendments in actual laws or enact a new legislation like a Data Protection/Privacy Act so as to safeguard against the debauch of personal information by various government agencies and protect individual solitude. requisite for trained and qualified experts to deal with the highly specialised field of cyber security and laws related to it. Govt MachineryMake it a mandatory requirement for all government organisations and private enterprises to have a designated Chief study Security Officer (CISO) who would be responsible for cyber security. formation of a cyber range to test cyber readiness. More powers to sectoral CERTs.Establish an online mechanism for cyber crime-related co mplaints to be recorded. politymakers need to recognise this and put in place structures that allow the sacramental manduction of cyber security information through both formal and at large(p) cyber exchanges. That requires a fast, unified action between government agencies and the private sector. Indian agencies working after cyber security should also slip away a close vigil on the developments in the IT sector of our potential adversaries. enunciate efforts by all Government agencies including defence forces to attract qualified skilled personnel for implementation of counter measures.Awareness rent to sensitize the common citizens well-nigh the dangers of cyber terrorism. Cert-in should engage academic institutions and follow an aggressive strategy. remainderDefining how we deal with Cyber threats and attacks internationally is all important(p) to peace and security. If Cyber weapons are treated with sputum in comparison to other weapons then it can open the doors tomult ifaceted vengeance if a nation is provoked Enforcing the rectify policies to amalgamate security of governments and law-abiding citizens is critical. The asylum of individuals outweighs commercial piracy. Sophism and intellectual blandishment redirects focus on eliminating irrefutable threats like violence and terrorism. Instead, diluted indications of policies are apply and lives are put at risk. . India must take an previous(predicate) lead in creating a framework where the government, the national security experts and the industry catering to strategic sectors of economy, can come together, to pursue the goal of cyber security in the bigger national cause Need to prepare cyber forces .The United States was the first country to formally declare this as the fifth domain warfare after land, sea, air and space. It has also formally classified advertisement the use of cyberspace as a force, a euphemism for offensive capability. The Chinese adopted the concept of informationali sation in the mid-1990s and have relentlessly built up structures and operations in this domain.Cyber Security Dilemma conjuration Herz, an American scholar of international dealing and law is credited for coining the term security dilemma. The dilemma expresses how both the solid and weak states can upset the correspondence of power that could eventually become a catalyst for war. The security dilemma could bob up from the states accumulation of power due to fear and un currentty just well-nigh other states intentions. Post-9/11, successive US administrations have mostly attempted to handle global dis rule by accumulating more power. Not surprisingly, since 2007, the US has been collecting and analysing portentous amount of data available in the cyber space. Cyber security dilemma of the US was latterly exposed by the US whistle-blower Edward Snowden, giving details round the US content Security Agencys controversial Prism programme. The US, clearly has been monitorin g the global e-traffic covertly and in the process add togethering on cyber activities on Google, You Tube, Skype, Facebook, etc. This has resulted in a huge amount of metadata (a data to the highest degree data). US administration has been spoofing on the rest of the world. In the 21st century, with the number of computerand internet users is increasing significantly, the cyber environment has almost become fundamental to a nations existence. oer the years Information and communication Technologies (ICT) have become underlying to various sectors from social, economic, political to defence. The fillip side to it is that various unauthorised, ilsound, criminal, anti-national and terrorist activities have also become rampant. Astonishing as it may sound, but the third most populous country after China and India is not any geographical entity but a virtual state called facebook The human rights activists and states who are under the US direction consider it an anti-democratic ac t that undermines the civilized liberties and individual secretiveness. The absence of a globally authoritative cyber regime and legal structure adds further to the commotion. The excessive dependence on cyber tools has given rise to various vulnerabilities. Recently the US National Security Agency head word Gen Keith Alexander, who also heads the US militarys Cyber Command, has expressed concerns and is of the opinion that on a scale of 1 to 10, the US critical infrastructures preparedness to concur a destructive cyber attack is about 3, this in spite the US having ceremonious a major defence infrastructure to defend against foreign hackers and spies. This assessment would have-to doe with the US to strengthen its defences further. However, since the nature of the threat is extremely dynamic it may not be possible to build any foolproof defensive mechanism. Any cyber architecture can be viewed as a doubled edged sword either ignore it and be exposed or use it to ones ad vantage. Cyber espionage is here to stay. Today, the US is upfront because of its technological superiority and ability to manage the ICT industry and prevent few acts of terrorism from truly happening. More importantly, the data gathered would have return in other fields too. codaSnowden has clearly exposed the US but it is hard to imagine that the US would take for its cyber activities. As a leading power, the US is accustomed to international criticism, lawsuits and questioning and at the end of the day cyber spying and spoofing actually strengthens their intelligence gathering capability. It is important to put down that cyber expertise offers significant amount of unsymmetric advantage to the user. In the future, it isnot only the US but many other states that are also likely to use this method (mostly covertly). States would support a cyber regime essentially because intelligence collection is not the sole purpose for possessing cyber assets. ITC also leads to sanction a nd its importance for socioeconomic development s undisputed. In general, the norms of retirement in a cyber-era world would remain a unbroken subject of debate since the nature of technology presents a challenging task to gingersnap the actual offender. Technologically superior power would forever have an advantage. The time has come to recognize that in the future we would always be watched and mostly against our own wishesIndia-US collaboration in Cyber SecurityIndian officials and security officers would soon be visiting the U.S. for teach in an array of courses from cyber security, megacity policing and forensics, to critical infrastructure protection, financial terrorism and anti-terrorism intelligence. The list of training programmes include Land Transportation Anti-terrorism Weapons of mint candy Destruction Seaport Security worldwide B auberge Interdiction Training and International Sea Interdiction Training to check smuggling and trafficking Handling of equipment f or screening men against radiological, chemical and explosive materials and Handling of curious detection at airports and seaports.With the growing cosmos in cities and increasing threat perception, the U.S. has also offered India to help develop the concept of megacity policing, a step it has been promoting since the 9/11 attacks.An travel course in superintendence, control room design and its operation by various security agencies and police authorities are key elements of this concept.Balancing vigilance and secrecyAs the government steps up its surveillance capabilities, the entire social hug between the state and citizens is being reformulated, with curse consequencesThe Indian state is arming itself with both technological capabilities and the institutional framework to form the lives of citizens in an unprecedented manner.A new Centralised monitor System (CMS) is in the offing, which would build on the already existing mechanisms. As The Hindu reported on June 21, thi s would allow the government to access in real-time any mobile and quick-frozen line conversation, SMS, fax, website visit, social media usage, Internet search and email, and will have unmatched capabilities of obscure search surveillance and monitoring. well-behaved society groups and citizens expressed concern about the governments actions, plans, and intent at a discussion organised by the Foundation for Media Professionals, on Saturday.The con text editionUsha Ramanathan, a widely respected legal scholar, pointed to the larger political context which had permitted this form of surveillance. It stemmed, she argued, from a misunderstanding of the notion of sovereignty. It is not the government, but the people who are sovereign. Laws and the Constitution are about limiting the power of the state, but while people were being subjected to these restrictions, the government itself had found ways to remain above it either by not having laws, or having ineffective regulators. States knew the kind of power they exercised over citizens, with the result that impunity had grown. on that point is also a nail down breakdown of the criminal justice system, Ms Ramanathan state. This had resulted in a reliance on extra-judicial methods of investigation, and scape-goating had become the norm. National security had been emphasised, re-emphasised, and projected as the central goal. We havent paused to ask what this means, and the extent to which we have been asked to give up personal security for the sake of national security. It was in this put updrop that technology had advanced by leaps, and made enormous surveillance possible.The implications are enormous. The data is often used for purposes it is not meant for, including political vendetta, keeping track of rivals, corporates, and take away out facts about a citizen when he may have antagonised those in power.Pranesh Prakash, conductor of the Centre of Internet and Society (CIS) looked back at the killing of Hare n Pandya, the senior Bharatiya Janata fellowship (BJP) leader in Gujarat. Mr Pandya was using the SIM circuit card of a friend, and it was by tracking the SIM, and through it his location, that the Gujarat government got to know that Mr Pandya had deposed before a commission and indicted the administration for its role in the riots. Eventually, he was found murdered orthogonal a park in Ahmedabad. The Gujarat police had accessed call details of 90,000 phones.It is also not clear whether mining this kind of data has been effective for the national security purposes, which provide the reason for doing it in the first place. Saikat Datta, nonmigratory editor of Daily News and Analysis, and an expert on Indias intelligence apparatus, utter a core problem was the absence of any auditing and over sight. on that point needs to be a constant round off of the number of calls, emails under surveillance, with questions about whether it is grant results. But this does not happen, proba bly because a majority is not for counter-terrorism. in that respect would be trouble if you build accountability mechanisms. When he sought information under RTI around precisely such issues, he was denied information on the grounds that it would strengthen enemies of the state.Anja Kovacs, who works with the Internet Democracy Project, said this form of mass surveillance criminalised everybody since it was based on the assumption that each citizen was a potential criminal. She also pointed out that having more information did not inevitably mean it was easier to address security threats there was intelligence preceding the Mumbai attacks, but it was not acted upon. She added, Most incidents have been resolved by traditional intelligence. Investing in agencies, training them better could be more effective. ferment in the caveatsFew argue that the state is not entitled to exercise surveillance at all. In fact, a social contract underpins democratic states. Citizens agree to subje ct some of their rights to restrictions, and vest the state with the monopoly over instruments and use of violence. In turn, the state playing within a set of legal principles being accountable to citizens and renewing its best-selling(predicate) legitimacy through different measures, including elections provides order and performs a range of developmental functions.This framework, citizens and civil liberty groups worry, is under threat with governments appropriating and usurping authority to conduct unprecedented surveillance. Citizen groups, technology and hiding experts came together globally to draft the International Principles on the Application of Human Rights to Communication Surveillance.It prescribed that any restriction to secretiveness through surveillance must be legal it must be for a legitimate aim it must be strictly and demonstrably necessary it must be preceded by showing to an set up authority that other less encroaching(a) investigative techniques have b een used it must follow due process decisions must be taken by a competent judicial authority there must be public watchfulness mechanisms and integrity of communications and systems should be maintained. (Full text available on www.necessaryandproportionate.org)Mr Prakash of CIS, which has done extensive work on surveillance and privacy issues, said, An additional principle must be collection limitation or data minimisation. Giving the instance of Indian Railways desire the date of birth from a node booking a ticket, Mr Prakash said this was not information which was necessary. But it could be used by hackers and many other agencies to access an individuals private minutes in other areas. The UPA government is finalising a privacy Bill, but its final version is not yet public, and it is not clear how far the government would go in protecting citizen rights.National cyber security Policy 2013National Cyber Security Policy 2013This polity aims at facilitating debut of secure co mputing environment and enabling adequate aver and confidence in electronic proceeding and also guiding stakeholders actions for protection of cyber space. The National Cyber Security Policy document outlines a road-map to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country. The constitution recognises the need for objectives and strategies that need to be adopted both at the national level as well as international level. The objectives and strategies defined in the National Cyber Security Policy together treat as a means toi. talk our concerns, understanding, priorities for action as well as directed efforts. ii. Provide confidence and probable assurance to all stakeholders in the country (Government, business, industry and general public) and global community, about the safety, resiliency and security of cyber space. iii. Adopt a suitable posturing that can indicate our resolve to make determined efforts to efficaciously monitor, deter & deal with cyber crime and cyber attacks.Salient features of the insuranceThe Policy outlines the roadmap for humankind of a framework for comprehensive, collaborative and collective responsibility to deal with cyber security issues of the country. The form _or_ system of government has ambitious plans for rapid social renewal and inclusive growth and Indias openhanded role in the IT global market. The insurance lays out 14 objectives which include creation of a 5,00,000-strong professional, skilled workforce over the next five years through capacity construction, skill development and training. The form _or_ system of government plans to create national and sectoral level 247 mechanisms forobtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, consequence and crisis management through effective, predictive, preventive, proactive response and recovery actions. Th e indemnity will also establish a mechanism for manduction information as well as identifying and responding to cyber security incidents and for cooperation in restoration efforts. The policy identifies eight different strategies for creating a secure cyber eco-system including the need for creating an assurance framework isolated from encouraging open standards to facilitate inter-operability and data exchange amongst different products or services. There is in place a plan to head and strengthen the national information processing system Emergency Response Team (CERT-In) to operate 247 and to act as a nodal agency for all efforts for cyber security, indispensability response and crisis management, as an umbrella agency over CERTs. It is expected that he policy will cater to the cyber security requirements of government and non-government entities at the national and international levels. The policy will help in safeguarding the critical infrastructure like Air vindication s ystem, nuclear plants, banking system, power infrastructure, telecommunication system and many more to secure countrys economic stability.National Nodal AgencyThe National Cyber Security Policy, in order to create a secure cyber ecosystem, has plan to set-up a National Nodal Agency. The nodal agency will be coordinating all matters related to cyber security in the country. The nodal agency has a wide code as it will cover and coordinate security for all strategic, military, government and business assets. This is distinctive, since, so far, national security regimes have been divided among the Ministry of Defence (for securing Indias borders) and the Ministry of Home Affairs (for national and internal security across States).Public-private partnership to protect national assetsAnother shaping aspect of the policy is the level at which it envisages public-private partnership to protect national assets. There is a clear recognition in the policy that, apart from Indias IT, technolo gy and telecommunications services, large parts of financial & banking services,airline & transportation services, competency and healthcare assets are not only owned by the private sector but, in fact, remain vulnerable to cyber-attacks, both from state and non-state actors.Protection centreA crucial aspect of the policy is building resilience around the comminuted Information Infrastructure (CII) by operationalising a 247 Nation Critical Information Infrastructure Protection Centre (NCIIPC). The Critical Information Infrastructure will found all interconnected and interdependent networks, across government and private sector. The NCIIPC will mandate a security audit of CII apart from the certification of all security roles of important security officers and others involved in operationalising the CII.OperationalisationThe policy will be operationalised by way of guidelines and Plans of Action, notified at national, sectoral, and other levels. While there is a recognition of the importance of symmetrical and multilateral relationships, the policy does not clearly identify Indias position vis--vis the capital of Hungary Convention even though government delegations have attended meetings in capital of the United Kingdom and Budapest on related issues in 2012.Why does India need a cyber security policy?Cyber security is critical for economic security and any failure to ensure cyber security will lead to economic destabilisation. India already has 800 million active mobile subscribers and 160 million other Internet users of which nearly half are on social media. India targets 600 million broadband connections and 100% teledensity by 2020. Internet traffic in India will grow nine-fold by 2015 overstep out at 13.2 exabytes in 2015, up from 1.6 exabytes in 2010. The ICT sector has grown at an annual compounded rate of 33% over the last decade and the constituent of IT and ITES industry to GDP increase from 5.2% in 2006-7 to 6.4% in 2010-11, according t o an IDSA task force report of 2012. Given the fact that a nations cyber ecosystem is constantly under attack from state and non-stateactors both. It becomes extremely critical for India to come up a transparent cyber security policy. One of the key objectives for the government is also to secure e-governance services where it is already implementing several nationwide plans including the e-Bharat project, a field Bank-funded project of Rs. 700 crore.CriticismThe release of the National Cyber Security Policy 2013 is an important step towards securing the cyber space of our country. However, there are certain areas which need further deliberations for its actual implementation. The provisions to take care security risks emanating due to use of new technologies e.g. Cloud Computing, has not been addressed. Another area which is left untasted by this policy is tackling the risks arising due to increased use of social networking sites by criminals and anti-national elements. There i s also a need to incorporate cyber crime tracking, cyber forensic capacity building and creation of a platform for sharing and analysis of information between public and private sectors on continuous basis.Creating a workforce of 500,000 professionals needs further deliberations as to whether this workforce will be trained to simply monitor the cyberspace or trained to acquire offensive as well as defensive cyber security skill sets. Indigenous development of cyber security solutions as enumerated in the policy is applaudable but these solutions may not all in all tide over the supply chain risks and would also require building testing infrastructure and facilities of global standards for evaluation.Indian build up forces are in the process of establishing a cyber command as a part of strengthening the cyber security of defence network and installations. Creation of cyber command will think of a parallel hierarchical structure and being one of the most important stakeholders, it will be prudent to address the jurisdiction issues right at the spring of policy implementation. The global debate on national security versus right to privacy and civil liberties is going on for long. Although, one of the objectives of this policy aims at safeguarding privacy of citizen datahowever, no specific strategy has been outlined to achieve this objective.The key to success of this policy lies in its effective implementation. The much talked about public-private partnership in this policy, if implemented in true spirit, will go a long way in creating solutions to the changing threat landscape.Central Monitoring System (CMS) project Justified??Indian governments own Central Monitoring System (CMS) project. roughly 160 million users are already being subjected to varied surveillance and monitoring, much of which is in encroachment of the governments own rules and notifications for ensuring privacy of communications. While the CMS is in early stages of launch, investigati on shows that there already exists without much public knowledge Lawful interpose and Monitoring (LIM) systems, which have been deployed by the Centre for Development of Telematics (C-DoT) for monitoring Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users. While mobile operators deploy their own LIM system, allowing interception of calls by the government, only after checking due authorisation in compliance with plane section 5(2) of the Indian Telegraph Act read with Rule 419(A) of the IT Rules In the case of the Internet traffic, the LIM is deployed by the government at the international gateways of a handful of large ISPs. The process of these secretive surveillance systems is out of reach of these ISPs, under lock and key and complete control of the government.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment